CN111294412A - Processing method and device for exception of content distribution network node server - Google Patents

Processing method and device for exception of content distribution network node server Download PDF

Info

Publication number
CN111294412A
CN111294412A CN201811488817.2A CN201811488817A CN111294412A CN 111294412 A CN111294412 A CN 111294412A CN 201811488817 A CN201811488817 A CN 201811488817A CN 111294412 A CN111294412 A CN 111294412A
Authority
CN
China
Prior art keywords
blocked
server
address
domain name
blocking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811488817.2A
Other languages
Chinese (zh)
Other versions
CN111294412B (en
Inventor
黄麟
王康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou Baishancloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Baishancloud Technology Co Ltd filed Critical Guizhou Baishancloud Technology Co Ltd
Priority to CN201811488817.2A priority Critical patent/CN111294412B/en
Publication of CN111294412A publication Critical patent/CN111294412A/en
Application granted granted Critical
Publication of CN111294412B publication Critical patent/CN111294412B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5076Update or notification mechanisms, e.g. DynDNS

Abstract

The invention discloses a processing method and a device for exception of a content distribution network node server, wherein the method comprises the following steps: acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time; judging whether the state of the monitoring data meets an abnormal judgment condition or not; when the monitoring data meet the abnormal judgment condition, selecting a combination of the states of N items of monitoring data from the states of all items of monitoring data of the IP address of the server as monitoring logic; judging whether the monitoring logic belongs to a blocking IP logic list or not, if so, judging that the IP address of the server is blocked, if not, judging whether the monitoring logic matches with the logic list belonging to a non-blocking IP or not, and if not, judging that the IP address of the server is blocked after inquiring a record for confirming that the IP address of the server is blocked in a blocking IP processing history sent to a CDN control center. The invention can automatically discover the blocked IP and recover the service on the blocked IP in real time.

Description

Processing method and device for exception of content distribution network node server
Technical Field
The invention relates to the technical field of internet, in particular to a method and a device for processing abnormity of a content distribution network node server.
Background
With the continuous development of Content Delivery Network (CDN) technology, there are more and more domain name types accelerated by using a CDN, some domain names may not be recorded in the system or some domain names include some illegal Uniform Resource Locators (URLs), which both may cause the IP of a CDN node to be blocked in the CDN acceleration process, and in general, it is difficult for a CDN control center to find out which nodes have their IP blocked, which may cause the blocked IP CDN to continue to serve, thereby further affecting the quality of a client due to abnormal service.
In the process of accelerating the speed of the user, the CDN control center cannot detect all the client access contents as abnormal, and often the CDN node is blocked by a third-party operator because the content of part of the domain names contains illegal information or the part of the domain names is not recorded and the like, which does not meet the requirements of the CDN node. After the IP of the CDN node is blocked, the CDN control center often receives a mail alert from a corresponding operator, and the CDN control center needs to remove the reason for IP blocking, and then applies for decapsulation. When the CDN node is blocked, it is difficult for the CDN itself to find out which IPs are specifically blocked. For example: when an abnormal URL of a domain name accelerated in a certain region of the CDN control center is detected by a CDN node, the CDN node inquires which CDN control center the corresponding IP is, and then sends a mail notification to perform blocking (the notification mode and the blocking mode of CDN nodes in different regions are different), if the CDN control center does not process in time, the corresponding server IP is blocked, and the condition that the service cannot be performed or the network in certain regions cannot be communicated occurs. If the CDN node does not notify after performing IP blocking, the CDN often needs to repeatedly confirm whether the IP is really blocked, and a long confirmation period is needed, so that other CDN nodes served by the server cannot perform normal service.
Therefore, how to quickly find the blocked IP and timely repair the blocked IP is a technical problem to be solved.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method and a device for processing the exception of a content distribution network node server.
The invention provides a processing method for exception of a content distribution network node server, which comprises the following steps:
judging whether a server IP address in the CDN is blocked or not, wherein judging whether the server IP address is blocked or not comprises the following steps:
acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time;
judging whether the state of the monitoring data meets an abnormal judgment condition or not; the abnormal judgment condition is a state abnormal judgment condition of a single monitoring data, or is a set of state abnormal judgment conditions of more than one single monitoring data;
when the monitoring data meet the abnormal judgment condition, selecting the combination of the states of N items of monitoring data from the states of all items of monitoring data of the IP address of the server as monitoring logic; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
judging whether the monitoring logic belongs to a blocking IP logic list or not, if so, judging that the IP address of the server is blocked, if not, judging whether the monitoring logic matches with the logic list belonging to a non-blocking IP or not, if so, maintaining the original operation of the IP address of the server, and if not, judging that the IP address of the server is blocked after inquiring a record for confirming that the IP address of the server is blocked in a blocking IP processing history sent to a CDN control center.
The method also has the following characteristics:
the method further comprises the following steps: and after the server IP address is judged to be blocked, switching the service of the server IP address to the server IP address which is not blocked.
The method also has the following characteristics:
the method further comprises the following steps: when a record that the server IP address is blocked is not inquired in a history of confirming the blocking IP processing sent to the CDN control center, the CDN control center generates an abnormal alarm and judges whether an abnormal monitoring logic of the server IP address can be reproduced or not, if so, the monitoring logic is added into the blocking IP logic list, and if not, the monitoring logic is added into the non-blocking IP logic list.
The method also has the following characteristics:
the method further comprises the following steps:
after the server IP address is judged to be blocked, determining a CDN node to which the server IP address belongs and a reason for blocking the server IP address, and recording a service domain name and a type of the blocked reason when the blocked reason is a reason caused by the service domain name;
counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to the type of the reason of each being blocked; the total number of times of plugging of the CDN node is the sum of the number of times of plugging all IPs contained in the CDN node;
counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugged domain name; the total number of times the domain name is blocked is the total number of times the domain name serves as the serving domain name for the blocked server IP address.
The method also has the following characteristics:
determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node;
determining the sensitivity value of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name;
and selecting a domain name with the sensitivity value for a blocked reason type larger than a first preset value, and when a request for accessing the domain name is received, responding the request by using another CDN node with the sensitivity for the blocked reason type smaller than a second preset value.
The invention provides a processing device for exception of a content distribution network node server, which comprises: the judging module is used for judging whether the server IP address in the CDN is blocked or not; the judging module comprises:
the acquisition unit is used for acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time;
a first judgment unit configured to judge whether or not a state of the monitoring data satisfies an abnormality judgment condition; the abnormal judgment condition is a state abnormal judgment condition of a single monitoring data, or is a set of state abnormal judgment conditions of more than one single monitoring data;
the selecting unit is used for selecting the combination of the states of N monitoring data from the states of all monitoring data of the IP address of the server as monitoring logic when the monitoring data meet the abnormal judgment condition; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
the second judging unit is used for judging whether the monitoring logic belongs to a blocking IP logic list or not;
the first processing unit is used for judging that the IP address of the server is blocked when the second judging unit judges that the monitoring logic belongs to the blocking IP logic list;
a third judging unit, configured to, when the second judging unit judges that the monitoring logic does not belong to the blocking IP logic list, judge whether the monitoring logic match belongs to a logic list of a non-blocking IP;
and the second processing unit is used for maintaining the original operation of the server IP address when the third judging unit judges that the monitoring logic matches the logic list belonging to the non-blocking IP, and is also used for judging that the server IP address is blocked after inquiring the record of blocking the server IP address in the processing history of the blocking confirmation IP sent to the CDN control center when the third judging unit judges that the monitoring logic matches the logic list not belonging to the non-blocking IP.
The device also has the following characteristics:
the first processing unit is further configured to switch the service of the server IP address to a server IP address that is not blocked after determining that the server IP address is blocked.
The device also has the following characteristics:
the second processing unit is further configured to control the CDN control center to generate an exception alarm and determine whether an exception monitoring logic of the server IP address is reproducible when a record for confirming that the server IP address is blocked is not queried in a history of processing a blocking IP sent to the CDN control center, and if so, add the monitoring logic to the blocking IP logic list, and if not, add the monitoring logic to the non-blocking IP logic list.
The device also has the following characteristics:
the device further comprises:
a blocking reason determining unit, configured to determine, after the first processing unit determines that the server IP address is blocked, a CDN node to which the server IP address belongs and a reason for the server IP address being blocked;
the recording unit is used for recording the service domain name and the type of the blocked reason when the blocked reason is caused by the service domain name;
the first counting unit is used for counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to each type of reason of being blocked; the total number of times of plugging of the CDN node is the sum of the number of times of plugging all IPs contained in the CDN node;
the second statistical unit is used for counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugging; the total number of times the domain name is blocked is the total number of times the domain name serves as the serving domain name for the blocked server IP address.
The device also has the following characteristics:
the device further comprises:
the sensitivity calculation unit is used for determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node; the domain name server is also used for determining the sensitivity value of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name;
and the adjusting unit is used for selecting a domain name with the sensitivity value for a blocked reason type larger than a first preset value, and when a request for accessing the domain name is received, using another CDN node with the sensitivity for the blocked reason type smaller than a second preset value to respond to the request.
The invention can automatically find the blocked IP, recover the service on the blocked IP in real time, and dynamically adjust the IP covering the domain name, thereby reducing the probability of IP blocking of the whole network.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a flowchart of a processing method for a content distribution network node server exception in the embodiment.
Fig. 2 is a block diagram of a processing device for a content distribution network node server exception in the embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
As shown in fig. 1, the method for processing the server exception of the content distribution network node includes: judging whether a server IP address in the CDN is blocked or not, wherein judging whether the server IP address is blocked or not comprises the following steps:
step 101, acquiring the state of each item of monitoring data in real time when a server IP address is accessed and/or tested;
step 102, judging whether the state of the monitoring data meets an abnormal judgment condition; the abnormal judgment condition is a state judgment condition of a single monitoring data or a set of state judgment conditions of more than one single monitoring data;
103, when the monitoring data meet the abnormal judgment condition, selecting a combination of the states of N items of monitoring data from the states of all items of monitoring data of the IP address of the server as monitoring logic; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
and step 104, judging whether the monitoring logic belongs to a blocking IP logic list, if so, judging that the server IP address is blocked, if not, judging whether the monitoring logic matches the logic list belonging to a non-blocking IP, if so, maintaining the original operation of the server IP address, and if not, judging that the server IP address is blocked after inquiring a record that the server IP address is blocked in a blocking IP processing history confirmation sent to a CDN control center.
Wherein the content of the first and second substances,
because different CDN nodes have different judgment conditions for plugging the IP address of the CDN server, in the step 101 of the method, the states of all monitoring data of the IP address of the server comprise at least one monitoring data item in the same monitoring class or different monitoring classes;
the monitoring class includes: network state, port state, service state;
the network state includes: communication status within different level partitions; for example: the communication in the network with the same network segment is normal or abnormal, the communication in the network in the city is normal or abnormal, the communication in the network from the city to the province is normal or abnormal, and the communication in the network across the province is normal or abnormal.
The port state includes: a service port state, a service port state; the service port is a port for providing a set service to a user, that is, a port opened for serving a client, for example: http 80 port, https 443 port. A service port is a port that is not a standard protocol, as custom or customer requirements, because some functionality requires it to be on in addition to a customer port.
The service state monitoring comprises the following steps: request number, address status code status, address access quality.
Step 104 includes two logic lists, where the first logic list is a blocking IP logic list, for example, logic including manually confirmed blocking IPs of different CDN nodes; the second logic list is a non-blocking IP logic list, and the list is logic that the CDN server IP is abnormal under the condition that the logic of blocking the IP of the CDN node is not met.
In order to enable the system to perform self state feedback and continue operation according to the operation condition, the method further comprises the following steps: and when a record that the server IP address is blocked is not inquired in a history of confirming the blocking IP processing sent to the CDN control center, adding the monitoring logic into the non-blocking IP logic list.
Examples are as follows:
step 1, acquiring the state of each monitoring data of a server IP address in real time, specifically comprising:
normal communication in the network with the same network segment, normal communication in the network inside the city, normal communication in the network from the city to the province, normal communication in the network from the cross province, abnormal communication in the network from the city to the province (namely communication fault in the network from the city to the province), normal communication in the network from the cross province, abnormal service port state (continuous interruption), normal service port, abnormal request number (for example, the request number is not in the preset normal interval), and abnormal address access quality (for example, the address access quality is not in the preset normal interval)
And 2, judging the abnormal conditions to be abnormal communication in the city-to-province network and reduction of the number of requests.
And 3, judging that the server IP address meets an abnormal judgment condition, and selecting the states of N monitoring data from the states of all monitoring data of the server IP address as monitoring logic, wherein the states of the N monitoring data are normal communication in the same network segment network, normal communication in an urban internal network, normal communication in an urban to province network, normal communication in a cross-province network, abnormal communication in the province network and reduction of the number of requests.
And 4, matching the monitoring logic selected in the step 3 with each logic in the logic list of the blocking IP, wherein the matching fails, and matching the monitoring logic selected in the step 3 with each logic in the logic list of the non-blocking IP, wherein the matching fails.
Step 5, inquiring a record of the server IP address being blocked in a history of confirming the blocking IP processing sent to the CDN control center, selecting an IP with a normal service state to take over the work of the server IP address according to a reserved IP set when the record is inquired, automatically online, and adding the monitoring logic of the inquired server IP address into a first logic list; and when the record is not inquired, manually confirming, and adding the monitoring logic of the IP address of the inquiry server into the second logic list.
In step 104 of the method, when a record that the server IP address is blocked is not queried in a history of confirming that the blocking IP processing is sent to the CDN control center, the CDN control center generates an exception alarm and determines whether an exception monitoring logic of the server IP address is reproducible, and if so, adds the monitoring logic to the blocking IP logic list, and if not, adds the monitoring logic to the non-blocking IP logic list.
After step 104, after the server IP address is determined to be blocked, the service of the server IP address is switched to the server IP address that is not blocked.
The method also comprises the following steps: and after the server IP address is judged to be blocked, determining the CDN node to which the server IP address belongs and the reason for blocking the server IP address.
Reasons why the server IP address is blocked include the following:
1. the domain name served by the server IP address is not documented.
2. The domain name served by the server IP address contains illegal URL information.
3. And the server corresponding to the IP address of the server has suspicious behavior records. The specific suspicious behavior is specifically defined by the CDN node.
Determining the reason that the server IP address is blocked comprises one of the following methods:
firstly, obtaining from CDN network interaction information;
second, manual query acquisition
And thirdly, scanning the domain name served by the IP address of the server, inquiring whether the domain name is recorded, and if the domain name is not recorded, determining that the non-recorded domain name is the reason why the IP address of the server is blocked.
When the reason for being blocked is caused by the served domain name, the served domain name and the type of the reason for being blocked are recorded. Counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to the type of the reason of each being blocked; the total number of times of being blocked of the CDN node is the sum of the number of times of being blocked of all IPs contained in the CDN node. Counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugged domain name; the total number of times the domain name is blocked is the total number of times the domain name serves as the server domain name for the server IP address that is blocked.
And determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node. And determining the sensitivity of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name. For example, the method of calculating the sensitivity may be: the sensitivity of a certain CDN node to a certain blocked cause type is a ratio of the number of times of the CDN node to the blocked cause type to the total number of times of the CDN node being blocked. For another example, the sensitivity of a CDN node for a certain type of reason to be blocked is a function value that forms a nonlinear relationship with the number of times of the CDN node for the type of reason to be blocked, and so on.
The whole network is intelligently regulated and controlled according to the sensitivity, comprising the following steps: and selecting a domain name with the sensitivity to a blocked reason type larger than a first preset value, and replacing the IP address serving the domain name with an IP address in another CDN node with the sensitivity to the blocked reason type smaller than a second preset value. Therefore, the IP covering the domain name can be dynamically adjusted, and the IP plugging probability of the whole network is reduced.
Examples are as follows:
in the machine room 1, the total plugging times are 15, wherein the plugging times for the reason that the domain name is not recorded are 10, and the plugging times for the reason that the domain name server is illegal are 5;
the machine room 2 has a total plugging frequency of 3, wherein the plugging frequency of the reason that the domain name is not recorded is 0, and the plugging frequency of the reason that the domain name server is illegal is 3;
the total number of times of blocking is 4 for domain name 1, wherein the number of times of blocking due to the non-record reason of domain name 1 is 1, and the number of times of blocking due to the violation of the domain name server is 3.
And the total blocked times of the domain name 2 are 11, wherein the blocked times of the domain name 1 due to non-record are 9, and the blocked times of the domain name server due to violation are 2.
The sensitivity value of the CDN node 1 for the reason that the domain name is not recorded is: 10/15, respectively; the sensitivity value of the CDN node 1 to the server violation cause is: 5/15, respectively;
the sensitivity value of the CDN node 2 to the reason why the domain name is not filed is: 0/3, respectively; the sensitivity value of the CDN node 2 to the server violation cause is: 3/3, respectively;
the sensitivity value of the domain name 1 to domain name non-record is as follows: 1/4, respectively; the sensitivity value of domain name 1 to server violation is: 3/4, respectively;
the sensitivity value of the domain name 2 to the reason for the domain name not being filed is as follows: 9/11, respectively; the sensitivity value of domain name 2 to the cause of the server violation is: 2/11.
When the whole network is intelligently regulated according to the sensitivity, the higher sensitivity value of the domain name 1 to server violation is 3/3, which is greater than the first preset value 1/2, the IP address serving the domain name 1 may be replaced with an IP address in another CDN node whose sensitivity to the type of cause being blocked is smaller than the second preset value (5/12), for example, the IP address serving the domain name 1 is replaced with an IP in the CDN node 1 whose sensitivity value to the cause of server violation is 5/15. Therefore, the IP covering the domain name can be dynamically adjusted, and the IP plugging probability of the whole network is reduced.
Fig. 2 is a block diagram of a processing apparatus for processing an abnormality of a content distribution network node server, the apparatus including: the judging module is used for judging whether the server IP address in the CDN is blocked or not; the judging module comprises:
the acquisition unit is used for acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time;
a first judgment unit configured to judge whether or not a state of the monitoring data satisfies an abnormality judgment condition; the abnormal judgment condition is a state abnormal judgment condition of a single monitoring data, or is a set of state abnormal judgment conditions of more than one single monitoring data;
the selecting unit is used for selecting the combination of the states of N monitoring data from the states of all monitoring data of the IP address of the server as monitoring logic when the monitoring data meet the abnormal judgment condition; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
the second judging unit is used for judging whether the monitoring logic belongs to a blocking IP logic list or not;
the first processing unit is used for judging that the IP address of the server is blocked when the second judging unit judges that the monitoring logic belongs to the blocking IP logic list;
a third judging unit, configured to, when the second judging unit judges that the monitoring logic does not belong to the blocking IP logic list, judge whether the monitoring logic match belongs to a logic list of a non-blocking IP;
and the second processing unit is used for maintaining the original operation of the server IP address when the third judging unit judges that the monitoring logic matches the logic list belonging to the non-blocking IP, and is also used for judging that the server IP address is blocked after inquiring the record of blocking the server IP address in the processing history of the blocking confirmation IP sent to the CDN control center when the third judging unit judges that the monitoring logic matches the logic list not belonging to the non-blocking IP.
The first processing unit is further configured to switch a service of the server IP address to a server IP address that is not blocked after determining that the server IP address is blocked.
The second processing unit is further configured to control the CDN control center to generate an exception alarm and determine whether an exception monitoring logic of the server IP address is reproducible when a record for confirming that the server IP address is blocked is not queried in a history of processing a blocking IP sent to the CDN control center, and if so, add the monitoring logic to the blocking IP logic list, and if not, add the monitoring logic to the non-blocking IP logic list.
This device still includes:
a blocking reason determining unit, configured to determine, after the first processing unit determines that the server IP address is blocked, a CDN node to which the server IP address belongs and a reason for the server IP address being blocked;
the recording unit is used for recording the service domain name and the type of the blocked reason when the blocked reason is caused by the service domain name;
the first counting unit is used for counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to each type of reason of being blocked; the total number of times of plugging of the CDN node is the sum of the number of times of plugging all IPs contained in the CDN node;
the second statistical unit is used for counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugging; the total number of times the domain name is blocked is the total number of times the domain name serves as the serving domain name for the blocked server IP address.
This device still includes:
the sensitivity calculation unit is used for determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node; the domain name server is also used for determining the sensitivity value of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name;
and the adjusting unit is used for selecting a domain name with the sensitivity value for a blocked reason type larger than a first preset value, and when a request for accessing the domain name is received, using another CDN node with the sensitivity for the blocked reason type smaller than a second preset value to respond to the request.
The above-described aspects may be implemented individually or in various combinations, and such variations are within the scope of the present invention.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, and the program may be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each unit/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional unit. The present invention is not limited to any specific form of combination of hardware and software.
It is to be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that an article or apparatus including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
The above embodiments are merely to illustrate the technical solutions of the present invention and not to limit the present invention, and the present invention has been described in detail with reference to the preferred embodiments. It will be understood by those skilled in the art that various modifications and equivalent arrangements may be made without departing from the spirit and scope of the present invention and it should be understood that the present invention is to be covered by the appended claims.

Claims (10)

1. A processing method for exception of a content distribution network node server is characterized by comprising the following steps:
judging whether a server IP address in the CDN is blocked or not, wherein judging whether the server IP address is blocked or not comprises the following steps:
acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time;
judging whether the state of the monitoring data meets an abnormal judgment condition or not; the abnormal judgment condition is a state abnormal judgment condition of a single monitoring data, or is a set of state abnormal judgment conditions of more than one single monitoring data;
when the monitoring data meet the abnormal judgment condition, selecting the combination of the states of N items of monitoring data from the states of all items of monitoring data of the IP address of the server as monitoring logic; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
judging whether the monitoring logic belongs to a blocking IP logic list or not, if so, judging that the IP address of the server is blocked, if not, judging whether the monitoring logic matches with the logic list belonging to a non-blocking IP or not, if so, maintaining the original operation of the IP address of the server, and if not, judging that the IP address of the server is blocked after inquiring a record for confirming that the IP address of the server is blocked in a blocking IP processing history sent to a CDN control center.
2. The method for handling content distribution network node server exceptions according to claim 1,
the method further comprises the following steps: and after the server IP address is judged to be blocked, switching the service of the server IP address to the server IP address which is not blocked.
3. The method for handling content distribution network node server exceptions according to claim 1,
the method further comprises the following steps: when a record that the server IP address is blocked is not inquired in a history of confirming the blocking IP processing sent to the CDN control center, the CDN control center generates an abnormal alarm and judges whether an abnormal monitoring logic of the server IP address can be reproduced or not, if so, the monitoring logic is added into the blocking IP logic list, and if not, the monitoring logic is added into the non-blocking IP logic list.
4. The method for handling content distribution network node server exceptions according to claim 1,
the method further comprises the following steps:
after the server IP address is judged to be blocked, determining a CDN node to which the server IP address belongs and a reason for blocking the server IP address, and recording a service domain name and a type of the blocked reason when the blocked reason is a reason caused by the service domain name;
counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to the type of the reason of each being blocked; the total number of times of plugging of the CDN node is the sum of the number of times of plugging all IPs contained in the CDN node;
counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugged domain name; the total number of times the domain name is blocked is the total number of times the domain name serves as the serving domain name for the blocked server IP address.
5. The method for handling content distribution network node server exceptions according to claim 4,
determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node;
determining the sensitivity value of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name;
and selecting a domain name with the sensitivity value for a blocked reason type larger than a first preset value, and when a request for accessing the domain name is received, responding the request by using another CDN node with the sensitivity for the blocked reason type smaller than a second preset value.
6. An apparatus for handling content delivery network node server exceptions, comprising: the judging module is used for judging whether the server IP address in the CDN is blocked or not; the judging module comprises:
the acquisition unit is used for acquiring the states of various monitoring data when the IP address of the server is accessed and/or tested in real time;
a first judgment unit configured to judge whether or not a state of the monitoring data satisfies an abnormality judgment condition; the abnormal judgment condition is a state abnormal judgment condition of a single monitoring data, or is a set of state abnormal judgment conditions of more than one single monitoring data;
the selecting unit is used for selecting the combination of the states of N monitoring data from the states of all monitoring data of the IP address of the server as monitoring logic when the monitoring data meet the abnormal judgment condition; the states of the N monitoring data comprise states of the monitoring data meeting the state abnormity judgment condition;
the second judging unit is used for judging whether the monitoring logic belongs to a blocking IP logic list or not;
the first processing unit is used for judging that the IP address of the server is blocked when the second judging unit judges that the monitoring logic belongs to the blocking IP logic list;
a third judging unit, configured to, when the second judging unit judges that the monitoring logic does not belong to the blocking IP logic list, judge whether the monitoring logic match belongs to a logic list of a non-blocking IP;
and the second processing unit is used for maintaining the original operation of the server IP address when the third judging unit judges that the monitoring logic matches the logic list belonging to the non-blocking IP, and is also used for judging that the server IP address is blocked after inquiring the record of blocking the server IP address in the processing history of the blocking confirmation IP sent to the CDN control center when the third judging unit judges that the monitoring logic matches the logic list not belonging to the non-blocking IP.
7. The apparatus for processing a content distribution network node server exception according to claim 6,
the first processing unit is further configured to switch the service of the server IP address to a server IP address that is not blocked after determining that the server IP address is blocked.
8. The apparatus for processing a content distribution network node server exception according to claim 6,
the second processing unit is further configured to control the CDN control center to generate an exception alarm and determine whether an exception monitoring logic of the server IP address is reproducible when a record for confirming that the server IP address is blocked is not queried in a history of processing a blocking IP sent to the CDN control center, and if so, add the monitoring logic to the blocking IP logic list, and if not, add the monitoring logic to the non-blocking IP logic list.
9. The apparatus for processing a content distribution network node server exception according to claim 6,
the device further comprises:
a blocking reason determining unit, configured to determine, after the first processing unit determines that the server IP address is blocked, a CDN node to which the server IP address belongs and a reason for the server IP address being blocked;
the recording unit is used for recording the service domain name and the type of the blocked reason when the blocked reason is caused by the service domain name;
the first counting unit is used for counting the total number of times of being blocked of each CDN node and the number of times of being blocked corresponding to each type of reason of being blocked; the total number of times of plugging of the CDN node is the sum of the number of times of plugging all IPs contained in the CDN node;
the second statistical unit is used for counting the total times of plugging of each domain name and the times of plugging corresponding to the reason type of each plugging; the total number of times the domain name is blocked is the total number of times the domain name serves as the serving domain name for the blocked server IP address.
10. The apparatus for processing a content distribution network node server exception according to claim 9,
the device further comprises:
the sensitivity calculation unit is used for determining the sensitivity of each CDN node to each blocked reason type according to the blocked times corresponding to each blocked reason type of each CDN node; the domain name server is also used for determining the sensitivity value of each domain name for each blocked reason type according to the blocked times corresponding to each blocked reason type of each domain name;
and the adjusting unit is used for selecting a domain name with the sensitivity value for a blocked reason type larger than a first preset value, and when a request for accessing the domain name is received, using another CDN node with the sensitivity for the blocked reason type smaller than a second preset value to respond to the request.
CN201811488817.2A 2018-12-06 2018-12-06 Processing method and device for exception of content distribution network node server Active CN111294412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811488817.2A CN111294412B (en) 2018-12-06 2018-12-06 Processing method and device for exception of content distribution network node server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811488817.2A CN111294412B (en) 2018-12-06 2018-12-06 Processing method and device for exception of content distribution network node server

Publications (2)

Publication Number Publication Date
CN111294412A true CN111294412A (en) 2020-06-16
CN111294412B CN111294412B (en) 2022-09-23

Family

ID=71021819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811488817.2A Active CN111294412B (en) 2018-12-06 2018-12-06 Processing method and device for exception of content distribution network node server

Country Status (1)

Country Link
CN (1) CN111294412B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117255005A (en) * 2023-11-14 2023-12-19 北京火山引擎科技有限公司 CDN-based service alarm processing method, device, equipment and medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102769549A (en) * 2011-05-05 2012-11-07 腾讯科技(深圳)有限公司 Network security monitoring method and device
US20130094445A1 (en) * 2011-10-13 2013-04-18 Interdigital Patent Holdings, Inc. Method and apparatus for providing interfacing between content delivery networks
CN106130816A (en) * 2016-06-24 2016-11-16 腾讯科技(深圳)有限公司 A kind of content distributing network monitoring method, monitoring server and system
CN106921519A (en) * 2017-02-24 2017-07-04 广州咨元信息科技有限公司 A kind of method that IP route closure is carried out based on automatic dispatching and workflow management
CN106953740A (en) * 2017-01-24 2017-07-14 阿里巴巴集团控股有限公司 The processing method of page access data, client, server and system in
CN107277160A (en) * 2017-07-12 2017-10-20 北京潘达互娱科技有限公司 A kind of content delivery network node switching method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102769549A (en) * 2011-05-05 2012-11-07 腾讯科技(深圳)有限公司 Network security monitoring method and device
US20130094445A1 (en) * 2011-10-13 2013-04-18 Interdigital Patent Holdings, Inc. Method and apparatus for providing interfacing between content delivery networks
CN106130816A (en) * 2016-06-24 2016-11-16 腾讯科技(深圳)有限公司 A kind of content distributing network monitoring method, monitoring server and system
CN106953740A (en) * 2017-01-24 2017-07-14 阿里巴巴集团控股有限公司 The processing method of page access data, client, server and system in
CN106921519A (en) * 2017-02-24 2017-07-04 广州咨元信息科技有限公司 A kind of method that IP route closure is carried out based on automatic dispatching and workflow management
CN107277160A (en) * 2017-07-12 2017-10-20 北京潘达互娱科技有限公司 A kind of content delivery network node switching method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117255005A (en) * 2023-11-14 2023-12-19 北京火山引擎科技有限公司 CDN-based service alarm processing method, device, equipment and medium
CN117255005B (en) * 2023-11-14 2024-02-02 北京火山引擎科技有限公司 CDN-based service alarm processing method, device, equipment and medium

Also Published As

Publication number Publication date
CN111294412B (en) 2022-09-23

Similar Documents

Publication Publication Date Title
US11689899B2 (en) System and method for triggering on platform usage
US20200241936A1 (en) System and method for tagging and tracking events of an application
US20070204033A1 (en) Methods and systems to detect abuse of network services
TW200828072A (en) Spam control systems and methods
JP2009176301A (en) Method and system for set of network devices which can be connected to network for providing enhanced collaboration, scalability and reliability
CN101741643A (en) Content delivery network node detecting method and system
CN104468554A (en) Attack detection method and device based on IP and HOST
WO2017206576A1 (en) Gateway service processing method and apparatus
CN109787827B (en) CDN network monitoring method and device
US6772349B1 (en) Detection of an attack such as a pre-attack on a computer network
CN115190108B (en) Method, device, medium and electronic equipment for detecting monitored equipment
CN111294412B (en) Processing method and device for exception of content distribution network node server
CN114465791A (en) Method and device for establishing white list in network management equipment, storage medium and processor
CN108173711B (en) Data exchange monitoring method for internal system of enterprise
CN108156061B (en) esb monitoring service platform
CN106789422A (en) The monitoring method and device of a kind of dns server
CN117135580A (en) 5G message universal access system and method
US20100146101A1 (en) Method And System For Binding A Watcher Representing A Principal To A Tuple Based On A Matching Criterion
US7047289B1 (en) MIB detecting data modification in MIB tables in an SNMP command responder
CN110769462A (en) Network access control method and device
CN115514663B (en) Dial testing method, system, device, electronic equipment and storage medium
CN108696555B (en) Equipment detection method and device
CN115361358A (en) IP extraction method, device, storage medium and electronic device
CN114629874A (en) Cloud protection node switching method, system, equipment and medium of source station server
CN115834330A (en) Group obstacle detection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant